CVE-2025-21374
published 2025-01-14CVE-2025-21374: Windows CSC Service Information Disclosure Vulnerability
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
Windows CSC Service Information Disclosure Vulnerability
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20890 | 10.0.10240.20890 |
| microsoft | windows_10_1607 | < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_10_1809 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_21h2 | < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_22h2 | < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20890 | 10.0.10240.20890 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_11_22h2 | < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_23h2 | < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_24h2 | < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25273 | 6.2.9200.25273 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22371 | 6.3.9600.22371 |
| microsoft | windows_server_2016 | < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_server_2019 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_server_2022 | < 10.0.20348.3091 | 10.0.20348.3091 |
GHSA
GHSA-q7w5-5jr2-5xg5: Windows CSC Service Information Disclosure Vulnerability
ghsa_unreviewed·2025-01-14
CVE-2025-21374 [MEDIUM] CWE-125 GHSA-q7w5-5jr2-5xg5: Windows CSC Service Information Disclosure Vulnerability
Windows CSC Service Information Disclosure Vulnerability
Microsoft
Windows CSC Service Information Disclosure Vulnerability
vendor_msrc·2025-01-14·CVSS 5.5
CVE-2025-21374 [MEDIUM] CWE-125 Windows CSC Service Information Disclosure Vulnerability
Windows CSC Service Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory.
Windows Client-Side Caching (CSC) Service: Windows Client-Side Caching (CSC) Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008
Reference: https://support.microsoft.com/help/5050008
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983
Reference: h
No detection rules found.
No public exploits indexed.
2025-01-14
Published